Patent classifications
H04L9/0618
Mutually distrusting enclaves
A method (400) for accessing one or more service processes (222) of a service (250) includes executing at least one service enclave (220) and executing an enclave sandbox (200) that wraps the at least one service enclave. The at least one service enclave provides an interface to the one or more service processes. The enclave sandbox is configured to establish an encrypted communication tunnel (210) to the at least one service enclave interfacing with the one or more service processes, and communicate program calls (302) to/from the one or more service processes as encrypted communications through the encrypted communication tunnel.
Systems and methods for sending and receiving encrypted submessages
Systems and methods are provided for sending and receiving encrypted submessages. Messages could be partitioned into a plurality of submessages based on the content of a message, and such submessages could be individually encrypted and sent over a network. The partitioning could be based on various standards and/or heuristics. In the sending process, submessages could be designated to travel over different networks and networks of different types. Such submessages could then be received and reassembled in spite of containing overlapping content with respect to each other, having to contend with copies of submessages, and having accompanying related content (e.g., advertisements) and non-related content (e.g., random bits). Moreover, the sending process could also be performed in real time or in a batched manner, depending on the implementation.
Methods, application server, IoT device and media for implementing IoT services
A method is disclosed for implementing trust Internet of Things (IoT) services in an IoT device and a user device. The IoT device receives from the user device an authentication request comprising a hash value, first encrypted information and second encrypted information, where the IoT device determines whether the user device is successfully authenticated based on determining the user device public key and confirming that the user device public key exists in a list of access permitted user devices of the IoT device.
System and methods for tracking an item in a distributed environment
A method for tracking an item in a distributed environment is provided. At least one node in a network adds a new block to a first cryptographically verifiable ledger represented by a first sequence of blocks that is stored in one or more non-transitory computer-readable media. The new block added to the first cryptographically verifiable ledger contains a component identifier and a hash of a previous block in the first sequence of blocks. The at least one node in the network adds a new block to a second cryptographically verifiable ledger represented by a second sequence of blocks that is stored in the one or more non-transitory computer-readable media. The new block added to the second cryptographically verifiable ledger contains a destination identifier, the first sequence of blocks, and a hash of a previous block in the second sequence of blocks.
Cryptographic protection for portions of media
Techniques for cryptographically protecting personally identifiable information in images and videos are described herein. An image may be obtained. One or more regions in the image may be detected based on an object detection algorithm. Pixels for each region of the one or more regions may be encrypted using a symmetric encryption technique and an initialization vector. The encrypted pixels for each region of the one or more regions may be written back into the image. A symmetric key of the symmetric encryption technique and the initialization vector may be encrypted using an asymmetric encryption technique. Metadata of the image may be updated to store the encrypted symmetric key and the encrypted initialization vector.
SECURE COMPUTING DEVICE, SECURE COMPUTING METHOD, AND PROGRAM
A secure computing device includes a secure computing unit configured to execute secure computing on encrypted data obtained by encrypting plaintext represented in a prescribed expression format for stochastic computing in a homomorphic encryption scheme. The secure computing includes a process of acquiring a sum and a process of acquiring a product. The secure computing unit determines a value of each digit of a bit string representing the sum as one of a value of a corresponding digit of a bit string that represents first encrypted data and is represented in the expression format and a value of a corresponding digit of a bit string that represents second encrypted data and is represented in the expression format in the process of acquiring the sum that is a sum of the first encrypted data of the encrypted data and the second encrypted data of the encrypted data.
PROTECTION OF DATA PROCESSED BY AN ENCRYPTION ALGORITHM
The present disclosure relates to a method for protecting a first data item applied to a cryptographic algorithm, executed by a processor, wherein said algorithm is a per-round algorithm, with each round processing contents of first, second and third registers, the content of the second register being masked, during first parity rounds, by the content of a fourth register and the content of the third register being masked, during second parity rounds, by the content of a fifth register.
SYSTEM AND METHOD FOR SECURELY DELIVERING KEYS AND ENCRYPTING CONTENT IN CLOUD COMPUTING ENVIRONMENTS
A cloud-based system and method for encrypting media content is disclosed. The system comprises a key server microservice, for receiving control word requests and for generating encoded control words, and a software encryption microservice, communicatively coupled to the key server microservice, the encryption microservice for receiving the media content, for generating the control word requests, for receiving the encoded control words, and for white-box encrypting the media content according to the generated encoded control words.
Block Cipher Encryption Pipeline
The device implements a processing pipeline having distinct circuitry for performing encryption/decryption operations and authentication operations and having state stores associated with the respective operations. The state stores store state associated with a given encryption frame, enabling the respective operations to be performed when blocks of data reach that stage in the pipeline. Due to the complexity of operations in a block cipher encryption scheme, the pipeline is deep, which provides the possibility for processing multiple data packets at any one time. The provision of the state stores at the stages in the pipeline at which they are required prevents stalling when a new data packet is received.
ENCRYPTED DATA PROCESSING DESIGN INCLUDING LOCAL BUFFERS
Aspects of the present disclosure relate to encrypted data processing (EDAP). A processor includes a register file configured to store ciphertext data, an instruction fetch and decode unit configured to fetch and decode instructions, and a functional unit configured to process the stored ciphertext data. The functional unit further includes a decryption module configured to decrypt ciphertext data from the register file to receive cleartext data using an encryption key stored within the functional unit. The functional unit further includes a local buffer configured to store the cleartext data. The functional unit further includes an arithmetic logical unit configured to generate cleartext computation results using the cleartext data. The functional unit further includes an encryption module configured to encrypt the cleartext computation results to generate ciphertext computation results for storage back into the register file.